【破解日期】 2006年11月22日
【破解作者】 冷血书生
【作者邮箱】 meiyou
【作者主页】 hxxp://www.126sohu.com/
【使用工具】 OD
【破解平台】 Win9x/NT/2000/XP
【软件名称】 VB Crackme 1.0
【下载地址】 本地
【软件大小】 16.5k
【加壳方式】 无
【破解声明】 我是一只小菜鸟,偶得一点心得,愿与大家分享:)
------------------------------------------------------------------------
--------
【破解内容】
; OllyDbg listing of the password check in VB Crackme 1.0. This is an excerpt: the routine starts
; before 004031D5 and continues past 004033AF, so its prologue and the failure path are not shown.
; Loop: for each 1-based position di of the input, take one character, XOR its ANSI code with the
; ANSI code of one character of "2000" (key index si, wrapping after 4) and append the resulting
; character to the variant at [ebp-38]. After the loop [ebp-38] is compared with a constant string.
; Argument roles are read from the push order and the debugger's labels -- confirm against the runtime.
- 004031D5 mov esi,1 ; si = 1-based index into the key "2000"
- 004031DA call dword ptr ds:[<&MSVBVM50.__vbaLenVar>] ; MSVBVM50.__vbaLenVar -- its arguments are set up before this excerpt
- 004031E0 push eax
- 004031E1 call dword ptr ds:[<&MSVBVM50.__vbaI2Var>] ; MSVBVM50.__vbaI2Var -- length as a 16-bit integer
- 004031E7 mov dword ptr ss:[ebp-108],eax ; password length (author's note)
- 004031ED mov edi,esi ; di = 1-based position in the input, starts at 1
- 004031EF cmp di,word ptr ss:[ebp-108] ; loop head: position vs. length
- 004031F6 mov ebx,dword ptr ds:[<&MSVBVM50.__vbaStrVa>; MSVBVM50.__vbaStrVarVal -- cached for the two "call ebx" below; mov keeps the cmp flags
- 004031FC jg CM1.0040332F ; position > length: loop finished, go to the comparison
- 00403202 cmp si,4 ; the key has 4 characters
- 00403206 jle short CM1.0040320D
- 00403208 mov esi,1 ; key index went past 4: wrap to the first key character
- 0040320D movsx ecx,di ; start position for the first rtcMidCharVar call
- 00403210 lea eax,dword ptr ss:[ebp-58] ; length variant (filled in at 0040321D/00403224)
- 00403213 lea edx,dword ptr ss:[ebp-28] ; source variant -- presumably the entered password; set before this excerpt
- 00403216 push eax
- 00403217 push ecx
- 00403218 lea eax,dword ptr ss:[ebp-68] ; result variant
- 0040321B push edx
- 0040321C push eax
- 0040321D mov dword ptr ss:[ebp-50],1 ; length value = 1 character
- 00403224 mov dword ptr ss:[ebp-58],2 ; variant type 2 (16-bit integer)
- 0040322B call dword ptr ds:[<&MSVBVM50.#632>] ; MSVBVM50.rtcMidCharVar -- [ebp-68] = one character of the source at position di
- 00403231 mov eax,2 ; variant type 2, used for both variants below
- 00403236 lea ecx,dword ptr ss:[ebp-88] ; length variant
- 0040323C movsx edx,si ; start position = key index
- 0040323F mov dword ptr ss:[ebp-88],eax
- 00403245 mov dword ptr ss:[ebp-78],eax
- 00403248 push ecx
- 00403249 lea eax,dword ptr ss:[ebp-78] ; source variant (the integer 7D0h)
- 0040324C push edx
- 0040324D lea ecx,dword ptr ss:[ebp-98] ; result variant
- 00403253 push eax
- 00403254 push ecx
- 00403255 mov dword ptr ss:[ebp-80],1 ; length value = 1 character
- 0040325C mov dword ptr ss:[ebp-70],7D0 ; 7D0h = 2000 decimal: the constant the key characters are taken from
- 00403263 call dword ptr ds:[<&MSVBVM50.#632>] ; MSVBVM50.rtcMidCharVar -- [ebp-98] = one character of "2000" at key index si
- 00403269 lea edx,dword ptr ss:[ebp-68] ; input-character variant
- 0040326C lea eax,dword ptr ss:[ebp-40] ; temporary string slot
- 0040326F push edx
- 00403270 push eax
- 00403271 call ebx ; __vbaStrVarVal (loaded at 004031F6)
- 00403273 push eax
- 00403274 call dword ptr ds:[<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr -- ANSI code of the input character
- 0040327A movsx edx,ax ; input (password) character code
- 0040327D lea ecx,dword ptr ss:[ebp-98] ; key-character variant
- 00403283 lea eax,dword ptr ss:[ebp-44] ; temporary string slot
- 00403286 push ecx
- 00403287 push eax
- 00403288 mov dword ptr ss:[ebp-118],edx ; keep the input character code across the next calls
- 0040328E call ebx ; __vbaStrVarVal again, now on the key character
- 00403290 push eax
- 00403291 call dword ptr ds:[<&MSVBVM50.#516>] ; MSVBVM50.rtcAnsiValueBstr -- ANSI code of the current character of "2000"
- 00403297 mov edx,dword ptr ss:[ebp-118] ; reload the input character code
- 0040329D movsx ecx,ax ; key character code (return value of the call at 00403291)
- 004032A0 xor edx,ecx ; input character XOR key character
- 004032A2 lea eax,dword ptr ss:[ebp-A8] ; result variant
- 004032A8 push edx
- 004032A9 push eax
- 004032AA call dword ptr ds:[<&MSVBVM50.#608>] ; MSVBVM50.rtcVarBstrFromAnsi -- [ebp-A8] = character with the XORed code
- 004032B0 lea ecx,dword ptr ss:[ebp-38] ; accumulator variant
- 004032B3 lea edx,dword ptr ss:[ebp-A8]
- 004032B9 push ecx
- 004032BA lea eax,dword ptr ss:[ebp-B8] ; temporary for the concatenation
- 004032C0 push edx
- 004032C1 push eax
- 004032C2 call dword ptr ds:[<&MSVBVM50.__vbaVarCat>] ; MSVBVM50.__vbaVarCat -- joins [ebp-38] and [ebp-A8] (operand order to be confirmed)
- 004032C8 mov edx,eax
- 004032CA lea ecx,dword ptr ss:[ebp-38]
- 004032CD call dword ptr ds:[<&MSVBVM50.__vbaVarMove>>; MSVBVM50.__vbaVarMove -- store the joined value back into [ebp-38]
- 004032D3 lea ecx,dword ptr ss:[ebp-44]
- 004032D6 lea edx,dword ptr ss:[ebp-40]
- 004032D9 push ecx
- 004032DA push edx
- 004032DB push 2 ; number of strings that follow
- 004032DD call dword ptr ds:[<&MSVBVM50.__vbaFreeStrL>; MSVBVM50.__vbaFreeStrList -- release the two temporary strings
- 004032E3 add esp,0C ; caller removes the 3 pushed dwords
- 004032E6 lea eax,dword ptr ss:[ebp-A8]
- 004032EC lea ecx,dword ptr ss:[ebp-98]
- 004032F2 lea edx,dword ptr ss:[ebp-88]
- 004032F8 push eax
- 004032F9 push ecx
- 004032FA lea eax,dword ptr ss:[ebp-78]
- 004032FD push edx
- 004032FE lea ecx,dword ptr ss:[ebp-68]
- 00403301 push eax
- 00403302 lea edx,dword ptr ss:[ebp-58]
- 00403305 push ecx
- 00403306 push edx
- 00403307 push 6 ; number of variants that follow
- 00403309 call dword ptr ds:[<&MSVBVM50.__vbaFreeVarL>; MSVBVM50.__vbaFreeVarList -- release the six temporary variants
- 0040330F add esp,1C ; caller removes the 7 pushed dwords
- 00403312 inc si ; next key character
- 00403314 mov eax,1
- 00403319 add ax,di ; next input position (16-bit add)
- 0040331C jo CM1.00403566 ; signed overflow of the counter; target not shown, presumably the runtime error path
- 00403322 jo CM1.00403566 ; same test repeated, as listed
- 00403328 mov edi,eax
- 0040332A jmp CM1.004031EF ; back to the loop head
- 0040332F lea eax,dword ptr ss:[ebp-38] ; accumulated XOR result
- 00403332 lea ecx,dword ptr ss:[ebp-C8] ; variant holding the constant string
- 00403338 push eax
- 00403339 push ecx
- 0040333A mov dword ptr ss:[ebp-C0],CM1.004027C8 ; UNICODE "qBQSYdXUe_B\V" -- expected transformed value, stored as plain text in the binary
- 00403344 mov dword ptr ss:[ebp-C8],8008 ; variant type word 8008h (string type 8 plus flag 8000h; flag meaning not shown here)
- 0040334E call dword ptr ds:[<&MSVBVM50.__vbaVarTstEq>; MSVBVM50.__vbaVarTstEq -- equality test of the two variants
- 00403354 test ax,ax ; ax = 0 means "not equal"; the movs below leave the flags untouched
- 00403357 mov ecx,80020004 ; value stored with type 0Ah below -- looks like the "omitted optional argument" marker; confirm
- 0040335C mov eax,0A
- 00403361 mov dword ptr ss:[ebp-80],ecx
- 00403364 mov dword ptr ss:[ebp-88],eax
- 0040336A mov dword ptr ss:[ebp-70],ecx
- 0040336D mov dword ptr ss:[ebp-78],eax
- 00403370 je CM1.0040345E ; not equal: branch to 0040345E (not shown); the author marks this branch as the patch point
- 00403376 mov esi,dword ptr ds:[<&MSVBVM50.__vbaVarDu>; MSVBVM50.__vbaVarDup -- cached in esi for the copy below
- 0040337C mov edi,8 ; variant type 8 (string)
- 00403381 lea edx,dword ptr ss:[ebp-D8]
- 00403387 lea ecx,dword ptr ss:[ebp-68]
- 0040338A mov dword ptr ss:[ebp-D0],CM1.00402824 ; UNICODE "Valid" -- presumably the dialog title
- 00403394 mov dword ptr ss:[ebp-D8],edi
- 0040339A call esi ; __vbaVarDup: copy the "Valid" variant into [ebp-68]
- 0040339C lea edx,dword ptr ss:[ebp-C8]
- 004033A2 lea ecx,dword ptr ss:[ebp-58]
- 004033A5 mov dword ptr ss:[ebp-C0],CM1.004027E8 ; UNICODE "Password correct, hehe, :-)" -- success message; the listing stops before it is used
- 004033AF mov dword ptr ss:[ebp-C8],edi
- /////////////////////////////////////////////////////////////////////////
- /////////////////////////////////////////////////////////////////////////
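- 1, 密码的每个字符与"2000"对应位字符的ASCII码(32h、30h、30h、30h)逐个异或;密钥只有4位,用完后从第1位循环使用(si 大于 4 时复位为 1),异或结果逐个拼接得到 A。例如 'C'(43h) XOR '2'(32h) = 'q'(71h)
- 2, A与固定字符串"qBQSYdXUe_B\V"比较,相等就注册成功。由于异或运算可逆,而密钥和比较串都以明文保存在程序中,这种校验方式起不到保护作用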
- Password: CrackTheWorld
- /////////////////////////////////////////////////////////////////////////
- /////////////////////////////////////////////////////////////////////////
- ------------------------------------------------------------------------
- --------
【版权声明】 本文纯属技术交流, 转载请注明作者并保持文章的完整, 谢谢! |